January/February 2026 Supplementary Exam Memo (UNISA
South Africa)
,Question 1
What is the primary purpose of an internal audit in risk management?
• A) To punish employees for errors
• B) To assess the effectiveness of risk management processes
• C) To ensure compliance with all laws and regulations
• D) To reduce costs within the organization
Correct Option: B)
Rationale: The primary purpose of an internal audit in risk management is to assess
and improve the effectiveness of risk management processes, ensuring that risks are
identified, managed, and mitigated appropriately.
Question 2
Which of the following is considered a key responsibility of an internal auditor in a risk
assessment?
• A) Developing business strategy
• B) Evaluating the adequacy of risk responses
• C) Writing operational policies
• D) Conducting market research
Correct Option: B)
Rationale: Internal auditors are responsible for evaluating the adequacy of risk
responses, ensuring that the organization’s risk management strategies are effectively
implemented and functioning as intended.
Question 3
In the context of internal auditing, what is the 'three lines of defense' model?
• A) A framework ensuring collaboration between business lines, risk
management, and internal audit
• B) A method to segregate duties among auditing teams
• C) A strategy to combat financial fraud
• D) A model to measure employee performance
Correct Option: A)
, Rationale: The 'three lines of defense' model is a framework that delineates
responsibilities across business units, risk management, and internal audit to promote
effective risk management and compliance.
Question 4
Which tool is commonly used by internal auditors to identify and assess risks?
• A) SWOT analysis
• B) Benchmarking
• C) Balance scorecard
• D) PEST analysis
Correct Option: A)
Rationale: SWOT analysis (Strengths, Weaknesses, Opportunities, Threats) is a
common tool used by internal auditors to identify and assess risks in relation to
organizational objectives.
Question 5
What is a significant benefit of implementing a robust internal audit function within an
organization?
• A) Reducing the number of employees
• B) Enhancing stakeholder confidence and improving governance
• C) Increasing operational costs
• D) Limiting access to sensitive information
Correct Option: B)
Rationale: A robust internal audit function enhances stakeholder confidence and
improves governance by providing independent assurance that risks are being managed
effectively and organizational processes are compliant.
Question 6
Which of the following best describes "risk appetite"?
• A) The total amount of risk an organization is willing to accept
• B) The methods used to minimize risk
• C) The penalties for not meeting compliance
• D) A strategy for financial planning